Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks.
7.1CVSS
7AI Score
0.001EPSS
Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.
6.1CVSS
5.9AI Score
0.001EPSS